Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-12-2024 18:45

General

  • Target

    8ad5a6233319b2d6a55683abb6b3d69909ee03894fc110bf539317f5d366425eN.exe

  • Size

    5.8MB

  • MD5

    48a27e390bb0f38f4bd3fb8170b71e10

  • SHA1

    335bdab956b0f5d04421652d6ae43e9f862ca837

  • SHA256

    8ad5a6233319b2d6a55683abb6b3d69909ee03894fc110bf539317f5d366425e

  • SHA512

    2e5391c2938b17c14d4e6869993588597f501d87798a3f5b58ff3ba77358accfaa783036fb31fef634031accb6f4d503b4395488613a03db86087cb00d1857d9

  • SSDEEP

    98304:RF8QUitE4iLqaPWGnEv+OKQr8MAvFrpHv/kAZIlnHyLF06Sud19nEntkKoML:RFQWEPnPBnEmOKIbGpPMAZcy3qyKBL

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

  • Banload family
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Renames multiple (195) files with added filename extension

    This suggests ransomware activity, i.e. encryption of all files on the system.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ad5a6233319b2d6a55683abb6b3d69909ee03894fc110bf539317f5d366425eN.exe
    "C:\Users\Admin\AppData\Local\Temp\8ad5a6233319b2d6a55683abb6b3d69909ee03894fc110bf539317f5d366425eN.exe"
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2512

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

    Filesize

    5.9MB

    MD5

    bde49d9934eb2a744d6e663b70c07371

    SHA1

    cfce3c541fd60c56ad93f80b87be965ea947d87e

    SHA256

    2c72ab2de76208182488da845b9cefb97da4621951a53b512a675060dd5c6f78

    SHA512

    60b6f2b84832abbc6ee4947a7a20a8aa121b4937407d10363484dcf62d4d3667b61dbfbf0874d035805bbe289a297a7358a18ba3493b19821230b681ba50a9a7

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    5.9MB

    MD5

    728346a990864f31010ed0b69b4d9e15

    SHA1

    9ef86f54bd66a807714347156265583b008733fc

    SHA256

    1492978a3aa562906851e5faf1beb0d158e917f975d9f4a7d25979d0048bb54f

    SHA512

    defaf5dd8404b3bae329dac56391030855c7b3d9db34a1f6cdd12e20e9b386db3e5d5ca376d18739504994d642abcbfd0de126706a45654a66017cf30b73d9e0

  • memory/2512-0-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/2512-1-0x0000000003180000-0x000000000338C000-memory.dmp

    Filesize

    2.0MB

  • memory/2512-8-0x0000000003180000-0x000000000338C000-memory.dmp

    Filesize

    2.0MB

  • memory/2512-12-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/2512-11-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/2512-13-0x0000000003180000-0x000000000338C000-memory.dmp

    Filesize

    2.0MB

  • memory/2512-23-0x0000000003180000-0x000000000338C000-memory.dmp

    Filesize

    2.0MB

  • memory/2512-33-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/2512-35-0x0000000003180000-0x000000000338C000-memory.dmp

    Filesize

    2.0MB